The present invention relates to a technology of acquiring and managing a trail in a system that manages trails such as corporate activities.
In recent years, companies are required to prove themselves free from injustice such as information leakage or data falsification in the process of operations in order to be compliant with regulations or prove the legitimacy of corporate activities to stockholders and customers. Particularly, IT systems are presently involved in most of corporate activities. There is a need for a technology of easily and strictly acquiring and managing corporate activity trails using the IT systems.
Generally, the IT system in a company is broadly configured as two groups. One includes client personal computers (PCs) employees personally use. The other includes servers that operate various core corporate applications such as ordering applications and Customer Relationship Management (CRM) applications. An employee carries out his or her work while using a PC to read or write e-mail, use a document file attached to the e-mail for a spreadsheet application or a word-processing application, or use various core corporate applications supplied from the server through a browser.
Once data is input to a core corporate application, the server strictly records and manages processes concerning who accessed the data at which time, for example. On the PC, the employee carries out his or her work while using multiple applications such as an e-mail program and a spreadsheet application to transcribe work-related critical data such as “price” and “quantity” from one document file to another. Depending on cases, the employee may change the values. Basically, these processes are not recorded or managed.
Japanese Unexamined Patent Application Publication No. 2006-516775 proposes the technology that aims to address this problem. According to the technology, a monitor is resident in the operating system (OS) of a PC. The monitor detects document file access events such as moving, copying, and renaming a file. The monitor creates an effectiveness graph to visualize dependency relation between document files and prevent document files from leaking.
Japanese Patent Application Laid-Open Publication No. 2008-269020 proposes the related technology. The technology acquires information about employee operations such as copy and paste. Based on the information, the technology forms a static link between locations of document files. When a document file contains an error at a given location, the technology determines an influence of the error on which file at which locations.
In order to prove the legitimacy of corporate activities, a system needs to satisfy such demands as: tracing back to a person who originally recorded the price on a document file; confirming that no one falsifies the price at any part of the link to this document file; and so on.
The technology disclosed in Japanese Unexamined Patent Application Publication No. 2006-516775 cannot manage a data flow in smaller units than document files such as “price” and “quantity” contained in a document file. The technology makes it necessary to manually check all document files historically related to the document file that contains an interested location, requiring a large amount of time and effort. The technology does not manage location changing operations or location values. If data may be falsified, the technology cannot determine when and who changed the data.
The technology disclosed in Japanese Patent Application Laid-Open Publication No. 2008-269020 uses a static link to manage the dependency relation of copy and paste between document file locations. The technology is incapable of tracing when multiple copy and paste operations are performed between locations or when a bidirectional link is formed between locations.